
Automatic Blocking of a particular IP Address

Web application security is a branch of Information Security that deals specifically with the security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems.

Websites, and any network to which web servers are connected, are prone to security risks. With the emergence of web- and app-based applications on such a large scale, security becomes an issue. To address it, every application has a role assigned that supervises the activities and transactions that occur over the application.

According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:

Image Reference: https://en.wikipedia.org/wiki/Web_application_security

Best Practices Recommendation:

Secure web application development should be enhanced by applying security checkpoints and techniques at early stages of development as well as throughout the software development lifecycle. Special emphasis should be applied to the coding phase of development.

Security mechanisms to be used include threat modeling, risk analysis, static analysis and digital signatures, among others.

This particular module is built on the .NET framework using C# and SQL Server. It requires the application to keep track of every IP address that accesses the website in a table. Let us name it Ip_Log. The table can consist of columns such as:

Log_Id, Ip_Address, Login_DateTime, Logout_DateTime, Browser

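-- Returns a row only when @ipAddress reached the threshold within the window.
-- SELECT * is not valid together with GROUP BY, so the grouped column and the count are selected.
SELECT Ip_Address, COUNT(Ip_Address) AS Attempts
FROM [dbo].[Ip_Log]
	WHERE Ip_Address = @ipAddress AND DATEDIFF(Mi, Login_DateTime, GETDATE()) <= 10
GROUP BY Ip_Address HAVING COUNT(Ip_Address) >= 50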

The above query is used to check whether an IP address is making multiple attempts to access your site. If an IP address has made more than 50 attempts within 10 minutes, return a status, e.g. ‘Blocked’.


On the JavaScript front, when the response received says ‘Blocked’, hide the login panel so that malicious attempts are reduced.
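The logging and check described above can be combined into one server-side call. The following T-SQL is an added example, not code from the original post; the column types, the index, the procedure name usp_LogAndCheckIp and the 'Allowed' status are assumptions, while the table, its columns, the 10-minute window and the threshold of 50 come from the page.

```sql
-- Column types, index name and procedure name are assumptions for this example.
CREATE TABLE dbo.Ip_Log (
    Log_Id          INT IDENTITY(1,1) PRIMARY KEY,
    Ip_Address      VARCHAR(45)   NOT NULL,  -- long enough for IPv6 in text form
    Login_DateTime  DATETIME      NOT NULL DEFAULT GETDATE(),
    Logout_DateTime DATETIME      NULL,
    Browser         NVARCHAR(256) NULL
);
GO

-- Supports the per-IP, recent-rows lookup without scanning the whole log.
CREATE INDEX IX_Ip_Log_Ip_Login ON dbo.Ip_Log (Ip_Address, Login_DateTime);
GO

CREATE PROCEDURE dbo.usp_LogAndCheckIp      -- hypothetical name
    @ipAddress VARCHAR(45),
    @browser   NVARCHAR(256) = NULL
AS
BEGIN
    SET NOCOUNT ON;

    -- Record this attempt first so that it counts toward the threshold.
    INSERT INTO dbo.Ip_Log (Ip_Address, Browser)
    VALUES (@ipAddress, @browser);

    DECLARE @attempts INT;

    -- 10-minute window as on the page, written as a range predicate on the
    -- column so the index can be used. DATEDIFF(Mi, ...) counts minute
    -- boundaries, so rows at the edge of the window can differ by under a minute.
    SELECT @attempts = COUNT(*)
    FROM dbo.Ip_Log
    WHERE Ip_Address = @ipAddress
      AND Login_DateTime >= DATEADD(MINUTE, -10, GETDATE());

    -- Threshold from the page's query; 'Allowed' is an assumed non-blocked status.
    SELECT CASE WHEN @attempts >= 50 THEN 'Blocked' ELSE 'Allowed' END AS Status;
END;
GO
```

Call the procedure from the C# login handler before credentials are checked, passing the address as a parameter, and refuse the request on the server when Status is 'Blocked'. Hiding the login panel in the browser only changes what the page displays.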
